[oe] [meta-networking][PATCH 1/3] snort: add recipe

Joe MacDonald joe at deserted.net
Mon Sep 23 16:58:12 UTC 2013


Hi Chunrong,

A few things with this one.

- can you be more specific with the LICENSE?

   WARNING: snort: No generic license file exists for: GPL in any provider

- my test build generated QA errors due to host libraries being used in
  the build:

   cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
   cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
   cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
   cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]

- Is the pkg_postinst_${PN} action really necessary?  Can't you
  accomplish the same thing by inheriting useradd?  At worst, I think
  you'll only need the last line, directly invoking
  populate-volatile.sh.  Could be mistaken on that, though.

- Can you take another pass through the recipe itself, please?  There's
  some inconsistent formatting (specifically around SRC_URI) and
  minor whitespace issues (around EXTRA_OECONF, for sure, maybe
  elsewhere, I've only done a quick scan).

- While we're on the topic, I hate to ask, but any chance we could fix
  up the formatting on the initscript itself?  It's an indentation
  disaster.  Not your fault, I know, but I don't know that we'll ever go
  back to taking the debian one again and I'd rather it be clean for
  anyone who comes along later.

- There's one minor inconsistency in the logrotate file, too, can you
  make them all space-indented or all tab-indented please?

Thanks,

-J.

[[oe] [meta-networking][PATCH 1/3] snort: add recipe] On 13.09.23 (Mon 17:06) b40290 at freescale.com wrote:

> From: Chunrong Guo <B40290 at freescale.com>
> 
>   *snort - a free lightweight network intrusion detection
>          system for UNIX and Windows
> 
> Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> ---
>  .../recipes-connectivity/snort/files/default       |   42 ++
>  .../snort/files/disable-dap-address-space-id.patch |   52 +++
>  .../snort/files/disable-inaddr-none.patch          |   75 ++++
>  .../recipes-connectivity/snort/files/logrotate     |   12 +
>  .../recipes-connectivity/snort/files/snort.init    |  425 ++++++++++++++++++++
>  .../recipes-connectivity/snort/files/volatiles     |    2 +
>  .../recipes-connectivity/snort/snort_2.9.4.6.bb    |   86 ++++
>  7 files changed, 694 insertions(+), 0 deletions(-)
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/default
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/logrotate
>  create mode 100755 meta-networking/recipes-connectivity/snort/files/snort.init
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/volatiles
>  create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> 
> diff --git a/meta-networking/recipes-connectivity/snort/files/default b/meta-networking/recipes-connectivity/snort/files/default
> new file mode 100644
> index 0000000..afd3840
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/default
> @@ -0,0 +1,42 @@
> +# Parameters for the daemon
> +# Add any additional parameteres here.
> +PARAMS="-m 027 -D -d "
> +#
> +# Snort user
> +# This user will be used to launch snort. Notice that the 
> +# preinst script of the package might do changes to the user 
> +# (home directory, User Name) when the package is upgraded or
> +# reinstalled.  So, do *not* change this to 'root' or to any other user 
> +# unless you are sure there is no problem with those changes being introduced.
> +# 
> +SNORTUSER="snort"
> +#
> +# Logging directory
> +# Snort logs will be dropped here and this will be the home
> +# directory for the SNORTUSER. If you change this value you should
> +# change the /etc/logrotate.d/snort definition too, otherwise logs
> +# will not be rotated properly.
> +#
> +LOGDIR="/var/log/snort"
> +#
> +# Snort group
> +# This is the group that the snort user will be added to.
> +#
> +SNORTGROUP="snort"
> +# 
> +# Allow Snort's init.d script to work if the configured interfaces
> +# are not available. Set this to yes if you configure Snort with
> +# multiple interfaces but some might not be available on boot
> +# (e.g. wireless interfaces)
> +# 
> +# Note: In order for this to work the 'iproute' package needs to 
> +# be installed.
> +ALLOW_UNAVAILABLE="no"
> +
> +# Local configs
> +#
> +LOCAL_SNORT_STARTUP=boot
> +LOCAL_SNORT_HOME_NET="192.168.0.0/16"
> +LOCAL_SNORT_INTERFACE=""
> +LOCAL_SNORT_STATS_RCPT="root"
> +LOCAL_SNORT_STATS_THRESHOLD="1"
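
Review bot: LOCAL_SNORT_INTERFACE is shipped empty, and with that value the start branch of snort.init prints "no interfaces configured, will not start" and exits 0, so a freshly installed image reports success while no sensor is running. Either ship a usable default or add a comment here saying the interface must be set before the service does anything. The SNORTUSER comment also describes a package preinst script that may change the user on upgrade, which this recipe does not have, and "parameteres" on the second line is a typo.
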
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> new file mode 100644
> index 0000000..39e5c9c
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status:Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for dap address space id... configure: 
> +configure: error: cannot run test program while cross compiling
> +
> +
> +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> +
> +--- a/configure.in	2013-08-23 00:06:37.239361932 -0500
> ++++ b/configure.in	2013-08-23 00:07:32.860266534 -0500
> +@@ -679,23 +679,23 @@
> + 
> + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> + 
> +-AC_MSG_CHECKING([for daq address space ID])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <daq.h>
> +-]],
> +-[[
> +-   DAQ_PktHdr_t hdr;
> +-   hdr.address_space_id = 0;
> +-]])],
> +-[have_daq_address_space_id="yes"],
> +-[have_daq_address_space_id="no"])
> +-AC_MSG_RESULT($have_daq_address_space_id)
> +-if test "x$have_daq_address_space_id" = "xyes"; then
> +-    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> +-        [DAQ version supports address space ID in header.])
> +-fi
> ++#AC_MSG_CHECKING([for daq address space ID])
> ++#AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM(
> ++#[[
> ++##include <daq.h>
> ++#]],
> ++#[[
> ++#   DAQ_PktHdr_t hdr;
> ++#   hdr.address_space_id = 0;
> ++#]])],
> ++have_daq_address_space_id="yes"
> ++#[have_daq_address_space_id="no"])
> ++#AC_MSG_RESULT($have_daq_address_space_id)
> ++#if test "x$have_daq_address_space_id" = "xyes"; then
> ++#    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> ++#        [DAQ version supports address space ID in header.])
> ++#fi
> + 
> + # any sparc platform has to have this one defined.
> + AC_MSG_CHECKING(for sparc)
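
Review bot: have_daq_address_space_id is forced to "yes", but the AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], ...) block that acts on it is commented out together with the test, so the define is never emitted and the build behaves as if the answer were "no". The test program only assigns hdr.address_space_id and does not need to run, so changing AC_RUN_IFELSE to AC_COMPILE_IFELSE would keep the check working when cross compiling and would be a candidate for upstream rather than "Inappropriate". The file name says "dap" where the check is for daq, and "Upstream-Status:Inappropriate" is missing the space after the colon.
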
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> new file mode 100644
> index 0000000..9dafe63
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> @@ -0,0 +1,75 @@
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for INADDR_NONE... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> +
> +
> +--- a/configure.in	2013-08-21 03:56:17.197414789 -0500
> ++++ b/configure.in	2013-08-21 23:19:05.298553560 -0500
> +@@ -281,25 +281,7 @@
> + AC_CHECK_TYPES([boolean])
> + 
> + # In case INADDR_NONE is not defined (like on Solaris)
> +-have_inaddr_none="no"
> +-AC_MSG_CHECKING([for INADDR_NONE])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <sys/types.h>
> +-#include <netinet/in.h>
> +-#include <arpa/inet.h>
> +-]],
> +-[[
> +-	if (inet_addr("10,5,2") == INADDR_NONE);
> +-    return 0;
> +-]])],
> +-[have_inaddr_none="yes"],
> +-[have_inaddr_none="no"])
> +-AC_MSG_RESULT($have_inaddr_none)
> +-if test "x$have_inaddr_none" = "xno"; then
> +-	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> +-fi
> ++have_inaddr_none="yes"
> + 
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> + #include <stdio.h>
> +@@ -397,21 +379,21 @@
> +   fi
> + fi
> + 
> +-AC_MSG_CHECKING([for pcap_lex_destroy])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <pcap.h>
> +-]],
> +-[[
> +-   pcap_lex_destroy();
> +-]])],
> +-[have_pcap_lex_destroy="yes"],
> +-[have_pcap_lex_destroy="no"])
> +-AC_MSG_RESULT($have_pcap_lex_destroy)
> +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> +-    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> +-fi
> ++#AC_MSG_CHECKING([for pcap_lex_destroy])
> ++#AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM(
> ++#[[
> ++##include <pcap.h>
> ++#]],
> ++#[[
> ++#   pcap_lex_destroy();
> ++#]])],
> ++have_pcap_lex_destroy="yes"
> ++#[have_pcap_lex_destroy="no"])
> ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> ++#    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> ++#fi
> + 
> + AC_MSG_CHECKING([for pcap_lib_version])
> + AC_LINK_IFELSE(
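
Review bot: in the second inner hunk, have_pcap_lex_destroy="yes" is set but the AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1], ...) that follows is commented out, so the define is never emitted and the hard-coded "yes" has no effect. A link-only test, like the AC_LINK_IFELSE used for pcap_lib_version in the context just below, would answer the question without running a target binary. The patch name and header mention only INADDR_NONE, so the pcap_lex_destroy change is undocumented; please describe it or split it out. For the first inner hunk, dropping the fallback AC_DEFINE([INADDR_NONE],[-1], ...) assumes the target libc always provides INADDR_NONE, which is worth stating in the header.
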
> diff --git a/meta-networking/recipes-connectivity/snort/files/logrotate b/meta-networking/recipes-connectivity/snort/files/logrotate
> new file mode 100644
> index 0000000..ef3e4af
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/logrotate
> @@ -0,0 +1,12 @@
> +/var/log/snort/*.log /var/log/snort/alert {
> +    size 1M
> +    missingok
> +    compress
> +    delaycompress
> +    rotate 10
> +    sharedscripts
> +    postrotate
> +	/etc/init.d/snort restart
> +    endscript
> +}
> +
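
Review bot: the postrotate command runs "/etc/init.d/snort restart", and the restart branch of snort.init exits 6 with "No snort instance found to be stopped!" when no pidfile matches, so logrotate will report a failed postrotate on any system where snort is installed but not running. The same branch does a full stop and start of every instance, which leaves a short window without capture on each 1M rotation; that trade-off deserves a comment here. The postrotate command line is tab-indented while the rest of the file uses four spaces, and the file ends with an extra blank line.
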
> diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init b/meta-networking/recipes-connectivity/snort/files/snort.init
> new file mode 100755
> index 0000000..af66619
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/snort.init
> @@ -0,0 +1,425 @@
> +#!/bin/sh -e
> +#
> +# Init.d script for Snort in OpenEmbedded, based on Debian's script
> +#
> +# Copyright (c) 2009 Roman I Khimov <khimov at altell.ru>
> +#
> +# Copyright (c) 2001 Christian Hammers 
> +# Copyright (c) 2001-2002 Robert van der Meulen
> +# Copyright (c) 2002-2004 Sander Smeenk <ssmeenk at debian.org>
> +# Copyright (c) 2004-2007 Javier Fernandez-Sanguino <jfs at debian.org>
> +#
> +# This is free software; you may redistribute it and/or modify
> +# it under the terms of the GNU General Public License as
> +# published by the Free Software Foundation; either version 2,
> +# or (at your option) any later version.
> +#
> +# This is distributed in the hope that it will be useful, but
> +# WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License with
> +# the Debian operating system, in /usr/share/common-licenses/GPL;  if
> +# not, write to the Free Software Foundation, Inc., 59 Temple Place,
> +# Suite 330, Boston, MA 02111-1307 USA
> +#
> +### BEGIN INIT INFO
> +# Provides:          snort
> +# Required-Start:    $time $network $local_fs
> +# Required-Stop:     
> +# Should-Start:      $syslog
> +# Should-Stop:       
> +# Default-Start:     2 3 4 5
> +# Default-Stop:      0 1 6
> +# Short-Description: Lightweight network intrusion detection system
> +# Description:       Intrusion detection system that will
> +#                    capture traffic from the network cards and will
> +#                    match against a set of known attacks.
> +### END INIT INFO
> +
> +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> +
> +test $DEBIAN_SCRIPT_DEBUG && set -v -x
> +
> +DAEMON=/usr/bin/snort
> +NAME=snort
> +DESC="Network Intrusion Detection System"
> +
> +. /etc/default/snort
> +COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP"
> +
> +test -x $DAEMON || exit 0
> +test -z "$LOCAL_SNORT_HOME_NET" && LOCAL_SNORT_HOME_NET="192.168.0.0/16"
> +
> +# to find the lib files
> +cd /etc/snort
> +
> +running()
> +{
> +        PIDFILE=$1
> +# No pidfile, probably no daemon present
> +        [ ! -f "$PIDFILE" ] && return 1
> +        pid=`cat $PIDFILE`
> +# No pid, probably no daemon present
> +        [ -z "$pid" ] && return 1
> +        [ ! -d /proc/$pid ] &&  return 1
> +        cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
> +# No daemon
> +        [ "$cmd" != "$DAEMON" ] &&  return 1
> +        return 0
> +}
> +
> +
> +check_log_dir() {
> +# Does the logging directory belong to Snort?
> +	# If we cannot determine the logdir return without error
> +	# (we will not check it)
> +	# This will only be used by people using /etc/default/snort
> +	[ -n "$LOGDIR" ] || return 0
> +	[ -n "$SNORTUSER" ] || return 0
> +	if [ ! -e "$LOGDIR" ] ; then
> +		echo "ERR: logging directory $LOGDIR does not exist"
> +		return 1
> +	elif [ ! -d "$LOGDIR" ] ; then
> +		echo "ERR: logging directory $LOGDIR does not exist"
> +		return 1
> +	else
> +		# Don't worry, be happy
> +		true
> +	fi
> +	return 0
> +}
> +
> +check_root()  {
> +    if [ "$(id -u)" != "0" ]; then
> +        echo "You must be root to start, stop or restart $NAME."
> +        exit 4
> +    fi
> +}
> +
> +case "$1" in
> +  start)
> +        check_root
> +	echo "Starting $DESC " "$NAME"
> +
> +        if [ -e /etc/snort/db-pending-config ] ; then
> +		echo "/etc/snort/db-pending-config file found"
> +		echo "Snort will not start as its database is not yet configured."
> +		echo "Please configure the database as described in"
> +		echo "/usr/share/doc/snort-{pgsql,mysql}/README-database.Debian"
> +		echo "and remove /etc/snort/db-pending-config"
> +		exit 6
> +	fi
> +
> +        if ! check_log_dir; then
> +		echo " will not start $DESC!"
> +		exit 5
> +	fi
> +	if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
> +		shift
> +		set +e
> +		/etc/ppp/ip-up.d/snort "$@"
> +		ret=$?
> +                if  [ $ret -eq 0 ] ; then
> +                  echo 0
> +                else
> +                  echo 1
> +                fi
> +		exit $ret
> +	fi
> +
> +	# Usually, we start all interfaces
> +	interfaces="$LOCAL_SNORT_INTERFACE"
> +
> +	# If we are requested to start a specific interface...
> +	test "$2" && interfaces="$2"
> +
> +        # If the interfaces list is empty stop (no error)
> +        if [ -z "$interfaces" ] ; then
> +            echo "no interfaces configured, will not start"
> +            echo 0
> +            exit 0
> +        fi
> +
> +	myret=0
> +	got_instance=0
> +	for interface in $interfaces; do
> +		got_instance=1
> +		echo "($interface"
> +
> +                # Check if the interface is available:
> +                # - only if iproute is available
> +                # - the interface exists 
> +                # - the interface is up
> +                if ! [ -x /sbin/ip ] || ( ip link show dev "$interface" >/dev/null 2>&1 && [ -n "`ip link show up "$interface" 2>/dev/null`" ] ) ; then
> +
> +		PIDFILE=/var/run/snort_$interface.pid
> +                CONFIGFILE=/etc/snort/snort.$interface.conf
> +
> +                # Defaults:
> +		fail="failed (check /var/log/syslog and /var/log/snort)"
> +                run="yes"
> +
> +                if [ -e "$PIDFILE" ] && running $PIDFILE; then
> +                        run="no" 
> +                        # Do not start this instance, it is already runing
> +                fi
> +
> +                if [ "$run" = "yes" ] ; then
> +                    if [ ! -e "$CONFIGFILE" ]; then
> +                        echo "no /etc/snort/snort.$interface.conf found, defaulting to snort.conf"
> +                        CONFIGFILE=/etc/snort/snort.conf
> +                    fi
> +
> +                    set +e
> +                    /sbin/start-stop-daemon --start --quiet  \
> +                        --pidfile "$PIDFILE" \
> +                        --exec $DAEMON -- $COMMON $LOCAL_SNORT_OPTIONS \
> +                        -c $CONFIGFILE \
> +                        -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \
> +                        -i $interface >/dev/null
> +                    ret=$?
> +                    case "$ret" in
> +			0)
> +                                echo  "...done)"
> +				;;
> +			*)
> +				echo "...ERROR: $fail)"
> +				myret=$(expr "$myret" + 1)
> +				;;
> +                     esac
> +                     set -e
> +                else
> +                        echo "...already running)"
> +                fi
> +
> +                else
> +                # What to do if the interface is not available
> +                # or is not up
> +                        if [ "$ALLOW_UNAVAILABLE" != "no" ] ; then 
> +                            echo "...interface not available)"
> +                        else 
> +                            echo "...ERROR: interface not available)"
> +                            myret=$(expr "$myret" + 1)
> +                        fi
> +                fi
> +	done
> +
> +	if [ "$got_instance" = 0 ] && [ "$ALLOW_UNAVAILABLE" = "no" ]; then
> +		echo "No snort instance found to be started!" >&2
> +		exit 6
> +	fi
> +
> +        if  [ $myret -eq 0 ] ; then
> +            echo 0
> +        else
> +            echo 1
> +        fi
> +	exit $myret
> +	;;
> +  stop)
> +        check_root
> +        echo "Stopping $DESC " "$NAME"
> +    
> +	if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
> +		shift
> +		set +e
> +		/etc/ppp/ip-down.d/snort "$@"
> +		ret=$?
> +                if  [ $ret -eq 0 ] ; then
> +                    echo 0
> +                else
> +                  echo 1
> +                fi
> +		exit $ret
> +	fi
> +
> +	# Usually, we stop all current running interfaces
> +	pidpattern=/var/run/snort_*.pid
> +
> +	# If we are requested to stop a specific interface...
> +	test "$2" && pidpattern=/var/run/snort_"$2".pid
> +
> +	got_instance=0
> +        myret=0
> +	for PIDFILE in $pidpattern; do
> +		# This check is also needed, if the above pattern doesn't match
> +		test -f "$PIDFILE" || continue
> +
> +		got_instance=1
> +		interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
> +
> +		echo "($interface"
> +
> +		set +e
> +                if [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] ; then
> +# Change ownership of the pidfile
> +		    /sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
> +			--pidfile "$PIDFILE" --exec $DAEMON >/dev/null
> +                    ret=$?
> +                    rm -f "$PIDFILE"
> +                    rm -f "$PIDFILE.lck"
> +                else
> +                     echo "cannot read $PIDFILE"
> +                     ret=4
> +                fi
> +		case "$ret" in
> +			0)
> +                                echo  "...done)"
> +				;;
> +			*)
> +				echo "...ERROR)"
> +				myret=$(expr "$myret" + 1)
> +				;;
> +		esac
> +                set -e
> +
> +	done
> +
> +	if [ "$got_instance" = 0 ]; then
> +		log_warning_msg "No running snort instance found"
> +                exit 0 # LSB demands we don't exit with error here
> +	fi
> +        if  [ $myret -eq 0 ] ; then
> +            echo 0
> +        else
> +            echo 1
> +        fi
> +	exit $myret
> +	;;
> +  restart|force-restart|reload|force-reload)
> +        check_root
> +	# Usually, we restart all current running interfaces
> +	pidpattern=/var/run/snort_*.pid
> +
> +	# If we are requested to restart a specific interface...
> +	test "$2" && pidpattern=/var/run/snort_"$2".pid
> +
> +	got_instance=0
> +	for PIDFILE in $pidpattern; do
> +		# This check is also needed, if the above pattern doesn't match
> +		test -f "$PIDFILE" || continue
> +
> +		got_instance=1
> +		interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
> +		$0 stop $interface || true
> +		$0 start $interface || true
> +	done
> +
> +	if [ "$got_instance" = 0 ]; then
> +		echo "No snort instance found to be stopped!" >&2
> +                exit 6
> +	fi
> +	;;
> +  status)
> +# Non-root users can use this (if allowed to)
> +        echo "Status of snort daemon(s)"
> +	interfaces="$LOCAL_SNORT_INTERFACE"
> +	# If we are requested to check for a specific interface...
> +	test "$2" && interfaces="$2"
> +        err=0
> +        pid=0
> +	for interface in $interfaces; do
> +                echo " $interface "
> +                pidfile=/var/run/snort_$interface.pid
> +                if [ -f  "$pidfile" ] ; then
> +                        if [ -r "$pidfile" ] ; then
> +                            pidval=`cat $pidfile`
> +                            pid=$(expr "$pid" + 1)
> +                            if ps -p $pidval | grep -q snort; then
> +                                echo "OK"
> +                            else
> +				echo "ERROR"
> +				err=$(expr "$err" + 1)
> +			    fi
> +                         else
> +	       		     echo "ERROR: cannot read status file"
> +                             err=$(expr "$err" + 1)
> +                         fi
> +                 else
> +                       echo "ERROR"
> +                       err=$(expr "$err" + 1)
> +                 fi
> +        done
> +        if [ $err -ne 0 ] ; then
> +            if [ $pid -ne 0 ] ; then
> +# More than one case where pidfile exists but no snort daemon
> +# LSB demands a '1' exit value here
> +                echo  1
> +                exit 1
> +            else
> +# No pidfiles at all
> +# LSB demands a '3' exit value here
> +                echo  3
> +                exit 3
> +            fi
> +        fi
> +        echo  0
> +        ;;
> +  config-check)
> +        echo "Checking $DESC configuration" 
> +	if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
> +		echo "Config-check is currently not supported for snort in Dialup configuration"
> +                echo  3
> +                exit 3
> +	fi
> +
> +	# usually, we test all interfaces
> +	interfaces="$LOCAL_SNORT_INTERFACE"
> +	# if we are requested to test a specific interface...
> +	test "$2" && interfaces="$2"
> +
> +	myret=0
> +	got_instance=0
> +	for interface in $interfaces; do
> +		got_instance=1
> +		echo "interface $interface"
> +
> +		CONFIGFILE=/etc/snort/snort.$interface.conf
> +		if [ ! -e "$CONFIGFILE" ]; then
> +			CONFIGFILE=/etc/snort/snort.conf
> +		fi
> +		COMMON=`echo $COMMON | sed -e 's/-D//'`
> +		set +e
> +                fail="INVALID"
> +		if [ -r "$CONFIGFILE" ]; then
> +                    $DAEMON -T $COMMON $LOCAL_SNORT_OPTIONS \
> +			-c $CONFIGFILE \
> +			-S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \
> +			-i $interface >/dev/null 2>&1
> +                    ret=$?
> +                else
> +                    fail="cannot read $CONFIGFILE"
> +                    ret=4
> +                fi
> +		set -e
> +
> +		case "$ret" in
> +			0)
> +                                echo "OK"
> +				;;
> +			*)
> +                                echo "$fail"
> +				myret=$(expr "$myret" + 1)
> +				;;
> +		esac
> +	done
> +	if [ "$got_instance" = 0 ]; then
> +		echo "no snort instance found to be started!" >&2
> +		exit 6
> +	fi
> +
> +        if  [ $myret -eq 0 ] ; then
> +            echo 0
> +        else
> +            echo 1
> +        fi
> +	exit $myret
> +	;;
> +  *)
> +	echo "Usage: $0 {start|stop|restart|force-restart|reload|force-reload|status|config-check}"
> +	exit 1
> +	;;
> +esac
> +exit 0
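
Review bot: the stop branch calls log_warning_msg "No running snort instance found", but the script neither defines that function nor sources the LSB init functions, so under "#!/bin/sh -e" it aborts with a command-not-found error before reaching the "exit 0" that the adjacent comment says LSB requires. Use echo there, as the rest of the script does. In the same branch, [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] comes after test -f "$PIDFILE" || continue, so the "! -e" half can never be true, and the "Change ownership of the pidfile" comment does not match the command under it. check_log_dir prints "does not exist" for the not-a-directory case as well, and despite its header comment never checks who owns the directory. The Debian leftovers (README-database.Debian, the /etc/ppp/ip-up.d and ip-down.d hooks, the /usr/share/common-licenses path) point at files this recipe does not install.
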
> diff --git a/meta-networking/recipes-connectivity/snort/files/volatiles b/meta-networking/recipes-connectivity/snort/files/volatiles
> new file mode 100644
> index 0000000..e3ab51d
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/volatiles
> @@ -0,0 +1,2 @@
> +# <type> <owner> <group> <mode> <path> <linksource>
> +d snort snort 0755 /var/log/snort none
> \ No newline at end of file
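
Review bot: the file has no trailing newline, as the "\ No newline at end of file" marker shows; please terminate the entry line. The directory is created 0755 while PARAMS in files/default passes "-m 027", so the log files themselves are not world-readable but the directory listing is; 0750 would be consistent with that setting.
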
> diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> new file mode 100644
> index 0000000..5a165ef
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> @@ -0,0 +1,86 @@
> +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> +HOMEPAGE = "http://www.snort.org/"
> +LICENSE = "GPL"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> +
> +DEPENDS = "libpcap libpcre daq libdnet"
> +
> +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> +            file://disable-inaddr-none.patch \
> +            file://disable-dap-address-space-id.patch \ 
> +	    file://snort.init \
> +	    file://default \
> +            file://logrotate \
> +	    file://volatiles \
> +          "
> +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> +
> +inherit autotools  gettext 
> +
> +EXTRA_OECONF = " \
> +	--enable-gre \    
> +	--enable-linux-smp-stats \
> +	--enable-reload \
> +	--enable-reload-error-restart \
> +	--enable-targetbased \
> +	--disable-static-daq \
> +	"
> +
> +do_install_append() {
> +	install -d ${D}/${sysconfdir}/snort/rules
> +	install -d ${D}/${sysconfdir}/snort/preproc_rules
> +	install -d ${D}/${sysconfdir}/default/volatiles
> +	mkdir -p ${D}/${sysconfdir}/init.d
> +	for i in map config conf dtd; do
> +		cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> +	done
> +	cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> +	install -m 0644 ${WORKDIR}/default ${D}/${sysconfdir}/default/snort
> +	install -m 0644 ${WORKDIR}/volatiles ${D}/${sysconfdir}/default/volatiles/snort
> +	install -m 0755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort
> +	mkdir -p ${D}/${localstatedir}/log/snort
> +	install -d ${D}${sysconfdir}/logrotate.d
> +	install -m 0644 ${WORKDIR}/logrotate ${D}${sysconfdir}/logrotate.d/snort
> +}
> +
> +pkg_postinst_${PN}() {
> +	grep -q ^snort: /etc/group || addgroup snort
> +	grep -q ^snort: /etc/passwd || \
> +		adduser --disabled-password --home=/var/log/snort/ --system \
> +			--ingroup snort --no-create-home -g "snort" snort
> +	${sysconfdir}/init.d/populate-volatile.sh update
> +}
> +
> +PACKAGES =+ "${PN}-logrotate"
> +FILES_${PN}-logrotate = "${sysconfdir}/logrotate.d/snort"
> +FILES_${PN} += " \
> +	${libdir}/snort_dynamicengine/*.so.* \
> +	${libdir}/snort_dynamicpreprocessor/*.so.* \
> +	${libdir}/snort_dynamicrules/*.so.* \
> +	"
> +FILES_${PN}-dbg += " \
> +	${libdir}/snort_dynamicengine/.debug \
> +	${libdir}/snort_dynamicpreprocessor/.debug \
> +	${libdir}/snort_dynamicrules/.debug \
> +	"
> +FILES_${PN}-staticdev += " \
> +	${libdir}/snort_dynamicengine/*.a \
> +	${libdir}/snort_dynamicpreprocessor/*.a \
> +	${libdir}/snort_dynamicrules/*.a \
> +	${libdir}/snort/dynamic_preproc/*.a \
> +	${libdir}/snort/dynamic_output/*.a \
> +	"
> +FILES_${PN}-dev += " \
> +	${libdir}/snort_dynamicengine/*.la \
> +	${libdir}/snort_dynamicpreprocessor/*.la \
> +	${libdir}/snort_dynamicrules/*.la \
> +	${libdir}/snort_dynamicengine/*.so \
> +	${libdir}/snort_dynamicpreprocessor/*.so \
> +	${libdir}/snort_dynamicrules/*.so \
> +	${prefix}/src/snort_dynamicsrc \
> +	"
> +
> +RRECOMMENDS_${PN} += "${PN}-logrotate"
> +RRECOMMENDS_${PN} += "barnyard"
> +RSUGGESTS_${PN}-logrotate += "logrotate"
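
Review bot: the recipe installs ${sysconfdir}/init.d/snort but inherits only "autotools gettext", so nothing registers the script in the runlevels and the sensor will not start at boot; inherit update-rc.d and set INITSCRIPT_NAME (and INITSCRIPT_PARAMS if the defaults do not suit). pkg_postinst_${PN} greps /etc/group and /etc/passwd and runs adduser with no reference to $D, so if it executes while the image is being assembled it will look at the build host's files; the useradd class with USERADD_PACKAGES and USERADD_PARAM_${PN} handles both cases. Smaller points in do_install_append: "${D}/${sysconfdir}" and "${D}${sysconfdir}" are mixed, configuration files are copied with cp rather than install -m, and ${localstatedir}/log/snort is created in the package even though the volatiles entry creates it at boot.
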
-- 
-Joe MacDonald.
:wq